No Clue As To What Virus This Is


No Clue As To What Virus This Is

Post by garyhalexander on Tue 03 Aug 2010, 5:27 am

This may sound foolish, but I have no clue as to the calibre of virus this is, only that it is one insidious SOB. My spare laptop is a Dell Inspiron w/Vista OS. It won't start normally, only in Safe Mode. It will not run any programs (that's if it starts at all), it will not allow any changes to be made in configuration settings, there's no way it will allow me to use restore or recovery points, it simply ignores me and does nothing. The 'create a restore point' tab has completely disappeared!!!
I can't get online (Safe Mode w/networking) to download any fixes, so I'm trading between laptops w/a flash drive to install Malwarebytes, which didn't find anything. I then installed Spybot; it wouldn't let the scan run. I installed Avast!; it says the side-by-side configuration(?) is wrong and won't load to scan. I ran SuperAntiSpyware; all it found was adware cookies. I ran Microsoft Security Essentials to no avail; it is worthless!!! MSE has never found any virus, ever. The computer is now effectively useless!! Help me, PLEASE!!!

garyhalexander

Newbie Surfer

Posts : 7
Joined : 2010-08-01
Operating System : Windows XP


Re: No Clue As To What Virus This Is

Post by Belahzur on Tue 03 Aug 2010, 5:44 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: No Clue As To What Virus This Is

Post by garyhalexander on Tue 03 Aug 2010, 11:13 am

I can't get on the internet w/that laptop. However, I can use my other laptop and a flash drive to download to. Will that work?


Re: No Clue As To What Virus This Is

Post by garyhalexander on Tue 03 Aug 2010, 11:39 am

I've tried the OTL w/my flash drive. The warning comes back: 'OTL.exe is not a valid Win32 application.' Now what?


Re: No Clue As To What Virus This Is

Post by garyhalexander on Wed 04 Aug 2010, 5:00 am

Now the computer sends up a warning saying my Windows Installer (1) will not operate in Safe Mode, and (2) isn't operating properly and cannot install Java Runtime Environment v. 21, Adobe Reader (latest v.), JavaRa or any other program that uses the wizard! Frick!! Any ideas?


Re: No Clue As To What Virus This Is

Post by Belahzur on Wed 04 Aug 2010, 11:10 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on rkill.com to automatically attempt to stop any processes associated with rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, you will typically bypass the malware trying to protect itself, so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.





Re: No Clue As To What Virus This Is

Post by garyhalexander on Wed 04 Aug 2010, 6:15 pm

Okay, I finally got something tangible. Here are the OTL results:
OTL logfile created on: 8/4/2010 2:01:36 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 87.38 Gb Free Space | 62.76% Space Free | Partition Type: NTFS
Drive D: | 959.13 Mb Total Space | 958.47 Mb Free Space | 99.93% Space Free | Partition Type: FAT
Drive E: | 9.77 Gb Total Space | 4.55 Gb Free Space | 46.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELINDA-PC
Current User Name: Melinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/04 01:42:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/04 01:42:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/12 03:38:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/09/17 00:17:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe -- (STacSV)
SRV - [2008/09/17 00:17:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/11/20 05:19:34 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/10/27 06:21:48 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/09/17 00:23:10 | 002,369,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/17 00:17:22 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/09/04 00:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/02 04:19:22 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/09/01 05:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/09/01 05:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 18:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/12/14 18:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-741041146-3760887399-1135784923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/05/27 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Mozilla\Extensions
[2010/05/27 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.167.146.2
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AUTORUN_STELERA.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 19:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/01 19:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/01 19:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/01 11:36:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Malwarebytes
[2010/08/01 11:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/01 11:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 01:43:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/30 23:20:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/20 00:36:11 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\Stardock_Corporation
[2010/07/14 18:48:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/13 10:42:49 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Leader Technologies
[2010/07/12 18:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\LTCM Client
[2010/07/12 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\My Print Creations
[2010/07/12 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\ArcSoft
[2010/07/12 18:14:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft
[2010/07/12 18:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/07/12 18:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/07/12 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\ArcSoft
[2010/07/12 18:11:19 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\.oit
[2010/07/12 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\My PageManager
[2010/07/12 18:10:54 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\NewSoft
[2010/07/12 18:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
[2010/07/12 18:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2010/07/12 18:05:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\color
[2010/07/12 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Epson
[2010/07/12 15:57:55 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppmon.dll
[2010/07/12 15:57:55 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppmon.dll
[2010/07/12 15:57:55 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\ensppui.dll
[2010/07/12 15:57:55 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enppui.dll
[2010/07/12 15:57:55 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enspres.dll
[2010/07/12 15:57:55 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\enpres.dll
[2010/07/12 15:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2010/07/12 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2010/07/12 15:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/07/12 15:54:03 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBFJA.DLL
[2010/07/12 15:53:59 | 000,079,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BFJA.DLL
[2010/07/12 15:51:58 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2010/07/12 15:51:58 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escdev.dll
[2010/07/08 15:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/07/08 15:20:40 | 000,000,000 | ---D | C] -- C:\Windows\{7F7635FC-B887-49FA-8526-094724C01A6E}

========== Files - Modified Within 30 Days ==========

[2010/08/04 02:00:51 | 001,835,008 | -HS- | M] () -- C:\Users\Melinda\ntuser.dat
[2010/08/04 01:29:57 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 01:29:57 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 01:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/04 01:29:39 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 01:28:26 | 000,524,288 | -HS- | M] () -- C:\Users\Melinda\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 01:28:26 | 000,065,536 | -HS- | M] () -- C:\Users\Melinda\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/02 14:21:50 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/02 14:21:50 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/02 14:21:50 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/01 21:42:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/01 19:21:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/01 13:25:52 | 000,006,648 | ---- | M] () -- C:\Users\Melinda\AppData\Local\d3d9caps.dat
[2010/07/31 00:20:09 | 000,002,473 | ---- | M] () -- C:\Users\Melinda\Desktop\Microsoft Works Word Processor.lnk
[2010/07/28 14:49:16 | 000,004,544 | ---- | M] () -- C:\Users\Melinda\Desktop\New Journal Document.jnt
[2010/07/27 15:20:26 | 000,000,466 | ---- | M] () -- C:\Users\Melinda\AppData\Roaming\wklnhst.dat
[2010/07/25 03:54:46 | 009,678,336 | ---- | M] () -- C:\Users\Melinda\Documents\St.Mary's Sunday bullitan.wps
[2010/07/24 17:40:08 | 000,014,848 | ---- | M] () -- C:\Users\Melinda\Documents\Church Letter Heading..wps
[2010/07/23 03:35:34 | 009,672,192 | ---- | M] () -- C:\Users\Melinda\Documents\Large St. Mary's bullitan.wps
[2010/07/23 02:01:06 | 000,002,491 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Works Word Processor.lnk
[2010/07/18 09:46:18 | 000,000,000 | ---- | M] () -- C:\Users\Melinda\Documents\NULL
[2010/07/14 18:48:36 | 225,316,171 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/12 18:17:35 | 000,000,100 | ---- | M] () -- C:\Windows\EPWF610.ini
[2010/07/12 18:14:43 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\Print Creations.lnk
[2010/07/12 18:10:42 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Presto! PageManager 8.15.01 SE.lnk
[2010/07/12 18:10:13 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2010/07/12 18:03:01 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 610 Info Center.lnk
[2010/07/12 17:49:09 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/07/08 20:17:33 | 000,010,240 | ---- | M] () -- C:\Users\Melinda\Documents\2009 JAMICA.wps

========== Files Created - No Company Name ==========

[2010/08/04 01:29:39 | 3181,760,512 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/28 14:49:16 | 000,004,544 | ---- | C] () -- C:\Users\Melinda\Desktop\New Journal Document.jnt
[2010/07/24 15:02:10 | 000,002,473 | ---- | C] () -- C:\Users\Melinda\Desktop\Microsoft Works Word Processor.lnk
[2010/07/23 02:01:06 | 000,002,491 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Works Word Processor.lnk
[2010/07/23 01:40:33 | 009,672,192 | ---- | C] () -- C:\Users\Melinda\Documents\Large St. Mary's bullitan.wps
[2010/07/23 01:10:43 | 000,014,848 | ---- | C] () -- C:\Users\Melinda\Documents\Church Letter Heading..wps
[2010/07/18 09:45:16 | 000,000,000 | ---- | C] () -- C:\Users\Melinda\Documents\NULL
[2010/07/14 18:48:36 | 225,316,171 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/12 18:14:43 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\Print Creations.lnk
[2010/07/12 18:10:42 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Presto! PageManager 8.15.01 SE.lnk
[2010/07/12 18:09:21 | 000,000,264 | ---- | C] () -- C:\Windows\setup.iss
[2010/07/12 16:48:28 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 610 Info Center.lnk
[2010/07/12 15:51:59 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/07/12 15:16:14 | 000,000,100 | ---- | C] () -- C:\Windows\EPWF610.ini
[2010/07/09 00:44:02 | 009,678,336 | ---- | C] () -- C:\Users\Melinda\Documents\St.Mary's Sunday bullitan.wps
[2010/03/12 16:06:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/03/12 16:00:06 | 000,000,044 | ---- | C] () -- C:\Windows\EPNX410.ini
[2009/12/31 01:04:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/21 18:33:55 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/04 22:59:07 | 000,001,851 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2009/01/12 05:05:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll
[2009/01/12 03:28:52 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


Re: No Clue As To What Virus This Is

Post by garyhalexander on Wed 04 Aug 2010, 6:23 pm

Now for the Extras:
OTL Extras logfile created on: 8/4/2010 2:01:36 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 87.38 Gb Free Space | 62.76% Space Free | Partition Type: NTFS
Drive D: | 959.13 Mb Total Space | 958.47 Mb Free Space | 99.93% Space Free | Partition Type: FAT
Drive E: | 9.77 Gb Total Space | 4.55 Gb Free Space | 46.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELINDA-PC
Current User Name: Melinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3074BF-7153-46EB-A3D3-B7EDC13F3B8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24DEE616-C7FA-4462-AA57-5E81890756F8}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{314B0AEB-3F3D-46CA-9937-089921E2E6EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{49B71305-C230-4A21-A938-52D3903B5BC2}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{4B5D5D93-C989-42EE-B50F-291032B05F8D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{562461B7-8906-4643-BA41-E0543FAAF184}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{571FC469-E59E-42C9-B078-00104AD3833E}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{61579752-AE5A-45FD-8B07-CF3C30F3043F}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{6671FDF4-0377-4ECA-8C70-3D0365534189}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8ADE12FD-B3AB-4235-B537-0A14ABA14900}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A872A9A6-55C1-4A25-8E4C-40BFB4D22A20}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AB3EC503-4713-40A4-8A31-77250EC044C6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{238F787F-4FE9-4644-8362-30800F50E190}" = MediaSPace
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
"{76817622-AE94-494F-8AC6-3F9551D6642C}" = Quilting Designs Demo
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{76817622-AE94-494F-8AC6-3F9551D6642C}" = Quilting Designs Demo
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"LimeWire" = LimeWire 5.5.8
"LTCM Client" = LTCM Client
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Monopoly" = Monopoly
"QuickTime 3.0" = QuickTime 3.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2010 11:03:30 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:03:30 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:25:36 AM | Computer Name = Melinda-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/31/2010 11:37:34 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:37:34 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:37:34 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:37:34 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:37:34 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:38:19 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/31/2010 11:38:21 AM | Computer Name = Melinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Broadcom Wireless LAN Events ]
Error - 6/21/2010 12:17:02 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 11:17:02, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 6/21/2010 1:35:26 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 12:35:26, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 6/21/2010 1:35:26 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 12:35:26, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 6/21/2010 4:49:16 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 15:49:16, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 6/21/2010 4:49:16 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 15:49:16, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 6/21/2010 8:09:12 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 19:09:12, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 6/21/2010 8:09:12 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 19:09:12, Mon, Jun 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 7/1/2010 11:59:28 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 22:59:28, Thu, Jul 01, 10 Error - Unable to gain access to user store


Error - 7/14/2010 7:50:50 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 18:50:49, Wed, Jul 14, 10 Error - Unable to gain access to user store


Error - 7/16/2010 3:33:51 PM | Computer Name = Melinda-PC | Source = WLAN-Tray | ID = 0
Description = 14:33:50, Fri, Jul 16, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 12/27/2009 8:28:22 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 12/27/2009 8:28:42 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 12/27/2009 8:28:42 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 12/27/2009 8:28:43 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 12/27/2009 8:28:43 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 12/27/2009 10:54:02 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 12/27/2009 10:54:02 PM | Computer Name = Melinda-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 12/27/2009 10:54:31 PM | Computer Name = Melinda-PC | Source = HTTP | ID = 15016
Description =

Error - 12/27/2009 10:54:51 PM | Computer Name = Melinda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/27/2009 10:54:51 PM | Computer Name = Melinda-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Re: No Clue As To What Virus This Is

Post by Belahzur on Thu 05 Aug 2010, 1:53 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


